Kingsoft Japan, Inc.
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2516 | Cri | 0.62 | — | 0.00 | Mar 27, 2025 | The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate,… | ||
| CVE-2024-11957 | Cri | 0.60 | — | 0.00 | Mar 4, 2025 | Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not… | ||
| CVE-2024-56957 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. | ||
| CVE-2024-13187 | Med | 0.34 | 5.3 | 0.00 | Jan 8, 2025 | A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local… | ||
| CVE-2024-7262 | 0.13 | — | 0.10 | KEV | Aug 15, 2024 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the… | ||
| CVE-2024-7263 | 0.00 | — | 0.00 | Aug 15, 2024 | Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was… | |||
| CVE-2023-31275 | 0.00 | — | 0.01 | Nov 27, 2023 | An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this… | |||
| CVE-2023-32548 | 0.00 | — | 0.01 | Jun 13, 2023 | OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where… |
- risk 0.62cvss —epss 0.00
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate,…
- risk 0.60cvss —epss 0.00
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not…
- risk 0.42cvss 6.5epss 0.00
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.
- risk 0.34cvss 5.3epss 0.00
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local…
- risk 0.13cvss —epss 0.10
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the…
- CVE-2024-7263Aug 15, 2024risk 0.00cvss —epss 0.00
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was…
- CVE-2023-31275Nov 27, 2023risk 0.00cvss —epss 0.01
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this…
- CVE-2023-32548Jun 13, 2023risk 0.00cvss —epss 0.01
OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where…